When using edtFTPnet/PRO in a Windows service or Web application, sometimes developers get
exceptions related to access to the private key. This is caused by the very stringent
security requirements Windows places on access to private keys - Windows does
not permit the account that the system is running under permission to read the private key
that has previously been loaded into a Windows Certificate store.
The solution is to create the private key and certificate for
the localMachine user (instead of the user that the developer is
logged in as). This may be done as follows:
Use MakeCert
(see Note A below) to create a private key and a self-signed
certificate, and place it directly into the localMachine
certificate store.
Start up the
Certificates MMC Snap-In for the localMachine user (see Note B
below).
Export the
certificate and private key as a single PFX file (see Note C
below).
The MakeCert is a part of the Platform SDK. Older versions of
the MakeCert utility don't support the -pe option so make sure
that you have the latest version.
Note B
To access the certificate MMC snap-in on Windows:
At a command
prompt open MMC by typing "mmc
<enter>".
Select "File |
Add Remove Snap-in..."
Press
"Add..."
Select
"Certificates".
Select
"Computer account".
Select "Local
computer".
Press
"Close"
Press
"OK"
Open "Console
Root | Certificates (Local Computer) | Personal |
Certificates".
You should
see the certificate you just created. Right-click on it and select
"All tasks | Export...".
Note C
To export the private key and certificate using the certificate MMC
snap-on:
Open "Console
Root | Certificates (Local Computer) | Personal |
Certificates".
You should see
the certificate you just created. Right-click on it and select "All
tasks | Export...".
Select "Yes,
export the private key" and press Next.